Why You Need a Database Audit Trail
As the number of data leaks continues to rise, government bodies, commercial companies, medical and financial institutions, educational organizations try to protect their sensitive data from being stolen by bad guys. Most industries need to support compliance, security and operations. Laws and regulations controlling the use of electronic records such as SOX, HIPAA, PCI DSS, GDPR make audit trails an important element of protection against security breaches, supporting compliance with regulations and passing various kinds of audits. In other words, any company, government agency or educational organization that deals with sensitive data will benefit from maintaining accurate audit logs.
What Is Auditing Used For
The general idea of database auditing is to know who and when accessed your database tables, and what modifications were done to them.
Typically, auditing is used for:
- Enabling accountability for actions performed in a particular schema, table, row, or affecting specific content.
- Preventing database users from inappropriate actions based on that accountability. Implementing audit trails helps to make user behavior more appropriate because the user knows that his user records can be traced down to his identity. Thus, it helps to prevent insider-driven data leaks.
- Investigating suspicious activity and revealing data breaches. Database trails help the investigators to find the culprit and prevent such things from occurrence in the future.
- Intrusion detection. Audit trails help to identify a data breach in progress. Bad guys sometimes work for a long time trying to breach the security system, or an insider copies the sensitive data by parts. All these things leave a trail.
- Detecting problems with an authorization or implementation of access control and providing help in reassessing user authorizations. Audit trails enable you to identify abuse of access rights either by regular users or by privileged users thus it help to asses proper rights to these users.
- Monitoring and gathering information about specific database activities. Sometimes audit trails can be useful for collecting statistical information.
The most typical questions associated with database audit are:
- Who viewed and modified sensitive data inside your system?
- When the data of interest has been changed?
- How a specific user got access to this data?
- Were these changes approved?
- Did the privileged users abuse their unlimited access rights?
Theoretically, all these demands can be fulfilled using either native database audit mechanisms or a dedicated software. But the point is that not all audit logs are equally valuable to the auditors. Let’s dwell on this subject for a while.
Using Database-Integrated Audit Mechanisms
The matter is that when you use native audit tools it can be too complicated to find certain information about events that you need for an audit. Moreover, logs from native tools are not designed for audit purposes. They are collected for database administrators, so they could know about database bugs and performance problems.
When you use only native tools for auditing, you will face some difficulties during the work:
- Large audit logs archives take a huge part of the database storage
- Native tools collect information not, in a format that is readable for auditors and security teams. It means they just can not use them for analyzing logs and doing their work properly
- The overhead on the database server slows the performance
If you need to satisfy the auditors’ needs and simplify the work of your security team, just use dedicated stand-alone software. It should be enough to answer the most critical questions that arise when performing a data audit.
The Requirements for a Dedicated Audit Trail Application
We’ll make it simple, so here are just three major demands for an advanced auditing software:
- It should monitor privileged users who have access to sensitive data.
- The audit log for these data and users should be stored for the required period of time and proper reports should be generated periodically.
- Such a system should include access-preventing and alerting mechanisms activated when an unauthorized activity is detected.
DataSunrise Audit Solution
Based on the requirements we mentioned above, let’s take a closer look at DataSunrise’s capabilities.
DataSunrise’s Data Audit component is capable to audit ALL user actions and queries sent to the target database. Auditing just doesn’t depend on database user type. Thus it is able to audit both regular users’ queries and privileged users’ queries.
DataSunrise stores its auditing results in an integrated SQLite database or in an external database such as PostgreSQL, MS SQL Server, Vertica, Redshift, Aurora MySQL, MySQL. Thanks to DataSunrise’s Report Gen advanced reporting component, you can present your audited data as a customizable report suitable for your auditor’s needs. You can also create reports periodically on schedule.
DataSunrise Suite includes Data Security component which is able to prevent user access to the target database and notify the security personnel (or administrators) via email or instant messengers. DataSunrise also identifies and prevents SQL injections on-the-fly. DataSunrise also includes both dynamic and static data masking tools that help to prevent insider-driven accidental data leaks.